in modules/material-management-browser/src/browser_cryptographic_materials_manager.ts [157:211]
async _initializeDecryptionMaterial(
suite: WebCryptoAlgorithmSuite,
encryptionContext: EncryptionContext
) {
const { signatureCurve: namedCurve } = suite
/* Check for early return (Postcondition): The WebCryptoAlgorithmSuite specification must support a signatureCurve to extract a verification key. */
if (!namedCurve) {
/* Precondition: The context must not contain a public key for a non-signing algorithm suite. */
needs(
!Object.prototype.hasOwnProperty.call(
encryptionContext,
ENCODED_SIGNER_KEY
),
'Encryption context contains public verification key for unsigned algorithm suite.'
)
return new WebCryptoDecryptionMaterial(suite, encryptionContext)
}
/* Precondition: WebCryptoDefaultCryptographicMaterialsManager If the algorithm suite specification requires a signatureCurve a context must exist. */
if (!encryptionContext)
throw new Error(
'Encryption context does not contain required public key.'
)
const { [ENCODED_SIGNER_KEY]: compressPoint } = encryptionContext
/* Precondition: WebCryptoDefaultCryptographicMaterialsManager The context must contain the public key. */
needs(compressPoint, 'Context does not contain required public key.')
const backend = await getWebCryptoBackend()
const subtle = getNonZeroByteBackend(backend)
const webCryptoAlgorithm = { name: 'ECDSA', namedCurve }
const extractable = false
const usages = ['verify'] as AwsEsdkJsKeyUsage[]
const format = 'raw'
const publicKeyBytes = VerificationKey.decodeCompressPoint(
fromBase64(compressPoint),
suite
)
const publicKey = await subtle.importKey(
format,
publicKeyBytes,
webCryptoAlgorithm,
extractable,
usages
)
return new WebCryptoDecryptionMaterial(
suite,
encryptionContext
).setVerificationKey(new VerificationKey(publicKey, suite))
}